From: Alexandre Chartre <alexandre.chartre@oracle.com>
To: Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>
Cc: x86@kernel.org, Steven Rostedt <rostedt@goodmis.org>,
Brian Gerst <brgerst@gmail.com>, Juergen Gross <jgross@suse.com>,
Frederic Weisbecker <frederic@kernel.org>
Subject: Re: [patch part-II V2 01/13] context_tracking: Ensure that the critical path cannot be instrumented
Date: Tue, 10 Mar 2020 11:12:12 +0100 [thread overview]
Message-ID: <ca03a66a-a632-e646-ed3d-d350f78f7d79@oracle.com> (raw)
In-Reply-To: <20200308222609.017810037@linutronix.de>
On 3/8/20 11:24 PM, Thomas Gleixner wrote:
> context tracking lacks a few protection mechanisms against instrumentation:
>
> - While the core functions are marked NOKPROBE they lack protection
> against function tracing which is required as the function entry/exit
> points can be utilized by BPF.
>
> - static functions invoked from the protected functions need to be marked
> as well as they can be instrumented otherwise.
>
> - using plain inline allows the compiler to emit traceable and probeable
> functions.
>
> Fix this by adding the missing notrace/NOKPROBE annotations and converting
> the plain inlines to __always_inline.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> ---
> include/linux/context_tracking.h | 14 +++++++-------
> include/linux/context_tracking_state.h | 6 +++---
> kernel/context_tracking.c | 9 +++++----
> 3 files changed, 15 insertions(+), 14 deletions(-)
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
alex.
> --- a/include/linux/context_tracking.h
> +++ b/include/linux/context_tracking.h
> @@ -20,32 +20,32 @@ extern void context_tracking_exit(enum c
> extern void context_tracking_user_enter(void);
> extern void context_tracking_user_exit(void);
>
> -static inline void user_enter(void)
> +static __always_inline void user_enter(void)
> {
> if (context_tracking_enabled())
> context_tracking_enter(CONTEXT_USER);
>
> }
> -static inline void user_exit(void)
> +static __always_inline void user_exit(void)
> {
> if (context_tracking_enabled())
> context_tracking_exit(CONTEXT_USER);
> }
>
> /* Called with interrupts disabled. */
> -static inline void user_enter_irqoff(void)
> +static __always_inline void user_enter_irqoff(void)
> {
> if (context_tracking_enabled())
> __context_tracking_enter(CONTEXT_USER);
>
> }
> -static inline void user_exit_irqoff(void)
> +static __always_inline void user_exit_irqoff(void)
> {
> if (context_tracking_enabled())
> __context_tracking_exit(CONTEXT_USER);
> }
>
> -static inline enum ctx_state exception_enter(void)
> +static __always_inline enum ctx_state exception_enter(void)
> {
> enum ctx_state prev_ctx;
>
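Review bot: `user_enter()` and `user_exit()` are now forced inline, but they still call the out-of-line `context_tracking_enter()` and `context_tracking_exit()`, and the visible kernel/context_tracking.c hunks add `notrace` only to the double-underscore variants. If those wrappers are not already `notrace`, their function entry remains a tracing attach point on this path, which is the gap the description sets out to close; consider `void notrace context_tracking_enter(enum ctx_state state)` and the same for `context_tracking_exit()`. The body of `exception_enter()` continues outside this hunk, so its callees could not be checked here.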
> @@ -59,7 +59,7 @@ static inline enum ctx_state exception_e
> return prev_ctx;
> }
>
> -static inline void exception_exit(enum ctx_state prev_ctx)
> +static __always_inline void exception_exit(enum ctx_state prev_ctx)
> {
> if (context_tracking_enabled()) {
> if (prev_ctx != CONTEXT_KERNEL)
> @@ -75,7 +75,7 @@ static inline void exception_exit(enum c
> * is enabled. If context tracking is disabled, returns
> * CONTEXT_DISABLED. This should be used primarily for debugging.
> */
> -static inline enum ctx_state ct_state(void)
> +static __always_inline enum ctx_state ct_state(void)
> {
> return context_tracking_enabled() ?
> this_cpu_read(context_tracking.state) : CONTEXT_DISABLED;
> --- a/include/linux/context_tracking_state.h
> +++ b/include/linux/context_tracking_state.h
> @@ -26,12 +26,12 @@ struct context_tracking {
> extern struct static_key_false context_tracking_key;
> DECLARE_PER_CPU(struct context_tracking, context_tracking);
>
> -static inline bool context_tracking_enabled(void)
> +static __always_inline bool context_tracking_enabled(void)
> {
> return static_branch_unlikely(&context_tracking_key);
> }
>
> -static inline bool context_tracking_enabled_cpu(int cpu)
> +static __always_inline bool context_tracking_enabled_cpu(int cpu)
> {
> return context_tracking_enabled() && per_cpu(context_tracking.active, cpu);
> }
> @@ -41,7 +41,7 @@ static inline bool context_tracking_enab
> return context_tracking_enabled() && __this_cpu_read(context_tracking.active);
> }
>
> -static inline bool context_tracking_in_user(void)
> +static __always_inline bool context_tracking_in_user(void)
> {
> return __this_cpu_read(context_tracking.state) == CONTEXT_USER;
> }
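Review bot: The function named in this hunk header, whose body `return context_tracking_enabled() && __this_cpu_read(context_tracking.active);` appears as context, keeps its plain `static inline` while its three siblings in this file are converted. With plain `inline` the compiler may emit it out of line as a traceable and probeable function, so if it is reachable from the protected entry/exit path it should get the same `static __always_inline bool` treatment. If it is deliberately left alone, a one-line comment saying it is not called from that path would prevent a later reader from assuming the file is fully covered. The hunk header truncates the name, so this is inferred from the visible text only.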
> --- a/kernel/context_tracking.c
> +++ b/kernel/context_tracking.c
> @@ -31,7 +31,7 @@ EXPORT_SYMBOL_GPL(context_tracking_key);
> DEFINE_PER_CPU(struct context_tracking, context_tracking);
> EXPORT_SYMBOL_GPL(context_tracking);
>
> -static bool context_tracking_recursion_enter(void)
> +static notrace bool context_tracking_recursion_enter(void)
> {
> int recursion;
>
> @@ -44,8 +44,9 @@ static bool context_tracking_recursion_e
>
> return false;
> }
> +NOKPROBE_SYMBOL(context_tracking_recursion_enter);
>
> -static void context_tracking_recursion_exit(void)
> +static __always_inline void context_tracking_recursion_exit(void)
> {
> __this_cpu_dec(context_tracking.recursion);
> }
> @@ -59,7 +60,7 @@ static void context_tracking_recursion_e
> * instructions to execute won't use any RCU read side critical section
> * because this function sets RCU in extended quiescent state.
> */
> -void __context_tracking_enter(enum ctx_state state)
> +void notrace __context_tracking_enter(enum ctx_state state)
> {
> /* Kernel threads aren't supposed to go to userspace */
> WARN_ON_ONCE(!current->mm);
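Review bot: `notrace` on `__context_tracking_enter()` (and on `__context_tracking_exit()` in the following hunk) only removes the function-tracing hook at this function's own entry; `WARN_ON_ONCE(!current->mm)` and any callees in the body, which continues outside the hunk, stay instrumentable unless they are annotated themselves. The kernel-doc above already says the function puts RCU into the extended quiescent state, so the consequence is worth recording there, for example `* Must not be traced or probed: instrumentation may rely on RCU, which is not watching here.` A note like that keeps a later cleanup from dropping the annotation as redundant and tells reviewers to check new callees added to this path.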
> @@ -142,7 +143,7 @@ NOKPROBE_SYMBOL(context_tracking_user_en
> * This call supports re-entrancy. This way it can be called from any exception
> * handler without needing to know if we came from userspace or not.
> */
> -void __context_tracking_exit(enum ctx_state state)
> +void notrace __context_tracking_exit(enum ctx_state state)
> {
> if (!context_tracking_recursion_enter())
> return;
>